Digital Forensic Investigations

1678 Words7 Pages
Digital forensics is a branch of forensic science concerned with the use of digital information produced, stored and transmitted by computers as source of evidence in investigations and legal proceedings. Digital forensics has existed for as long as computers have stored data that could be used as evidence. For many years, digital forensics was performed primarily by government agencies, but has become common in the commercial sector over the past several years. Originally, much of the analysis software was custom and proprietary and eventually specialized analysis software was made available for both the private and public sectors. The first part of this paper provides a brief overview of digital forensics Process, followed by the models…show more content…
when does the investigator stop an investigation if nothing is found)
By far, the investigation and analysis of child exploitation material ranked highest when asked about the most common case types in the digital instigators’ caseload (time spent). CEM was estimated between 65% and 100% of an individual investigator’s caseload, with the group average being approximately 80%. Data retrieval, Internet investigations, Email and fraud/ counterfeiting were estimated to account for approximately 15% of the investigators’ caseload. Murder, cell phones, telephone fraud, hacking, kidnappings and drug related cases were the most commonly mentioned third tier investigations taking place, accounting for the remaining 5% of an investigator’s caseload.


From the observed CEM investigation process we derived a general process model for child exploitation material investigations as well as data or evidence for the problems.
i. General Processing and Analysis
 Order the exhibits based on likely relevance to the case.
 Conduct a preliminary analysis from the write blocked suspect device that includes:
• Recovering deleted items and
…show more content…
Keywords were generated from case specific information.
• Known good/bad hash sets were rarely used.Known bad hash sets were used primarily during operations. NSRL3 and similar hash sets were also rarely used to remove or classify known-good.
• If no suspicious material were discovered in the manual image and video preview, keyword search or signature analysis, the investigator would normally check for installed programs, specifically for encryption or anti-forensic software.
• If no suspicious software were found, the digital investigator would generally look at Internet history, with various automated tools, depending on the unit’s software licensing.
• Generally, if no suspect material had been discovered,the investigator would run CEM detection software for hash and content analysis of allocated and unallocated files.The CEM detection software database, however, was not centralized. Classification of images was also not standardized within the

More about Digital Forensic Investigations

Open Document